<p>Hashing data is security-sensitive. It has led in the past to the following vulnerabilities:</p>
<ul>
  <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9233">CVE-2018-9233</a> </li>
  <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5097">CVE-2013-5097</a> </li>
  <li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1051">CVE-2007-1051</a> </li>
</ul>
<p>Cryptographic hash functions are used to uniquely identify information without storing their original form. When not done properly, an attacker can
steal the original information by guessing it (ex: with a <a href="https://en.wikipedia.org/wiki/Rainbow_table">rainbow table</a>), or replace the
original data with another one having the same hash.</p>
<p>This rule flags code that initiates hashing.</p>
<h2>Ask Yourself Whether</h2>
<ul>
  <li> the hashed value is used in a security context. </li>
  <li> the hashing algorithm you are using is known to have vulnerabilities. </li>
  <li> <a href="https://en.wikipedia.org/wiki/Salt_(cryptography)">salts</a> are not automatically generated and applied by the hashing function.
  </li>
  <li> any generated salts are cryptographically weak or not credential-specific. </li>
</ul>
<p>You are at risk if you answered yes to the first question and any of the following ones.</p>
<h2>Recommended Secure Coding Practices</h2>
<ul>
  <li> for security related purposes, use only hashing algorithms which are <a
  href="https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet">currently known to be strong</a>. Avoid using algorithms like MD5 and SHA1
  completely in security contexts. </li>
  <li> do not define your own hashing- or salt algorithms as they will most probably have flaws. </li>
  <li> do not use algorithms that compute too quickly, like SHA256, as it must remain beyond modern hardware capabilities to perform brute force and
  dictionary based attacks. </li>
  <li> use a hashing algorithm that generate its own salts as part of the hashing. If you generate your own salts, make sure that a cryptographically
  strong salt algorithm is used, that generated salts are credential-specific, and finally, that the salt is applied correctly before the hashing.
  </li>
  <li> save both the salt and the hashed value in the relevant database record; during future validation operations, the salt and hash can then be
  retrieved from the database. The hash is recalculated with the stored salt and the value being validated, and the result compared to the stored
  hash. </li>
  <li> the strength of hashing algorithms often decreases over time as hardware capabilities increase. Check regularly that the algorithms you are
  using are still considered secure. If needed, rehash your data using a stronger algorithm. </li>
</ul>
<h2>Sensitive Code Example</h2>
<pre>
// === MessageDigest ===
import java.security.MessageDigest;
import java.security.Provider;

class A {
    void foo(String algorithm, String providerStr, Provider provider) throws Exception {
        MessageDigest.getInstance(algorithm); // Sensitive
        MessageDigest.getInstance(algorithm, providerStr); // Sensitive
        MessageDigest.getInstance(algorithm, provider); // Sensitive
    }
}
</pre>
<p>Regarding <code>SecretKeyFactory</code>. Any call to <code>SecretKeyFactory.getInstance("...")</code> with an argument starting by
<code>"PBKDF2"</code> will be highlighted. See <a href="https://www.owasp.org/index.php/Hashing_Java">OWASP guidelines</a>, list of <a
href="https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SecretKeyFactory">standard algorithms</a> and <a
href="https://developer.android.com/reference/javax/crypto/SecretKeyFactory">algorithms on android</a>.</p>
<pre>
// === javax.crypto ===
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.SecretKeyFactory;

class A {
    void foo(char[] password, byte[] salt, int iterationCount, int keyLength) throws Exception {
        // Sensitive. Review this, even if it is the way recommended by OWASP
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterationCount, keyLength);
        factory.generateSecret(spec).getEncoded();
    }
}
</pre>
<p>Regarding Guava, only the hashing functions which are usually misused for sensitive data will raise an issue, i.e. <code>md5</code> and
<code>sha*</code>.</p>
<pre>
// === Guava ===
import com.google.common.hash.Hashing;

class A {
    void foo() {
        Hashing.md5(); // Sensitive
        Hashing.sha1(); // Sensitive
        Hashing.sha256(); // Sensitive
        Hashing.sha384(); // Sensitive
        Hashing.sha512(); // Sensitive
    }
}
</pre>
<pre>
// === org.apache.commons ===
import org.apache.commons.codec.digest.DigestUtils;

class A {
    void foo(String strName, byte[] data, String str, java.io.InputStream stream) throws Exception {
        new DigestUtils(strName); // Sensitive
        new DigestUtils(); // Sensitive

        DigestUtils.getMd2Digest(); // Sensitive
        DigestUtils.getMd5Digest(); // Sensitive
        DigestUtils.getShaDigest(); // Sensitive
        DigestUtils.getSha1Digest(); // Sensitive
        DigestUtils.getSha256Digest(); // Sensitive
        DigestUtils.getSha384Digest(); // Sensitive
        DigestUtils.getSha512Digest(); // Sensitive


        DigestUtils.md2(data); // Sensitive
        DigestUtils.md2(stream); // Sensitive
        DigestUtils.md2(str); // Sensitive
        DigestUtils.md2Hex(data); // Sensitive
        DigestUtils.md2Hex(stream); // Sensitive
        DigestUtils.md2Hex(str); // Sensitive

        DigestUtils.md5(data); // Sensitive
        DigestUtils.md5(stream); // Sensitive
        DigestUtils.md5(str); // Sensitive
        DigestUtils.md5Hex(data); // Sensitive
        DigestUtils.md5Hex(stream); // Sensitive
        DigestUtils.md5Hex(str); // Sensitive

        DigestUtils.sha(data); // Sensitive
        DigestUtils.sha(stream); // Sensitive
        DigestUtils.sha(str); // Sensitive
        DigestUtils.shaHex(data); // Sensitive
        DigestUtils.shaHex(stream); // Sensitive
        DigestUtils.shaHex(str); // Sensitive

        DigestUtils.sha1(data); // Sensitive
        DigestUtils.sha1(stream); // Sensitive
        DigestUtils.sha1(str); // Sensitive
        DigestUtils.sha1Hex(data); // Sensitive
        DigestUtils.sha1Hex(stream); // Sensitive
        DigestUtils.sha1Hex(str); // Sensitive

        DigestUtils.sha256(data); // Sensitive
        DigestUtils.sha256(stream); // Sensitive
        DigestUtils.sha256(str); // Sensitive
        DigestUtils.sha256Hex(data); // Sensitive
        DigestUtils.sha256Hex(stream); // Sensitive
        DigestUtils.sha256Hex(str); // Sensitive

        DigestUtils.sha384(data); // Sensitive
        DigestUtils.sha384(stream); // Sensitive
        DigestUtils.sha384(str); // Sensitive
        DigestUtils.sha384Hex(data); // Sensitive
        DigestUtils.sha384Hex(stream); // Sensitive
        DigestUtils.sha384Hex(str); // Sensitive

        DigestUtils.sha512(data); // Sensitive
        DigestUtils.sha512(stream); // Sensitive
        DigestUtils.sha512(str); // Sensitive
        DigestUtils.sha512Hex(data); // Sensitive
        DigestUtils.sha512Hex(stream); // Sensitive
        DigestUtils.sha512Hex(str); // Sensitive
    }
}
</pre>
<h2>See</h2>
<ul>
  <li> <a href="https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure">OWASP Top 10 2017 Category A3</a> - Sensitive Data Exposure
  </li>
  <li> <a href="https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration">OWASP Top 10 2017 Category A6</a> - Security
  Misconfiguration </li>
  <li> <a href="https://cwe.mitre.org/data/definitions/916.html">MITRE, CWE-916</a> - Use of Password Hash With Insufficient Computational Effort
  </li>
  <li> <a href="http://cwe.mitre.org/data/definitions/759.html">MITRE, CWE-759</a> - Use of a One-Way Hash without a Salt </li>
  <li> <a href="http://cwe.mitre.org/data/definitions/760.html">MITRE, CWE-760</a> - Use of a One-Way Hash with a Predictable Salt </li>
  <li> <a href="https://www.sans.org/top25-software-errors/#cat3">SANS Top 25</a> - Porous Defenses </li>
</ul>

